Linux boot media need not be tricky! In today's episode, I'll talk about four ways to flash an ISO from Windows (and other systems too). I know a lot of you are switching to Linux because of Micros...
Ventoy has a lot of work to do if they want to earn our trust:
Remove BLOBs from the source tree #2795
This ticket has been open now for 5 months with no engagement from the maintainer.
Your install media and anything that modifies your EFI partition or UEFI firmware settings needs to be the most trusted part of your system. And here is Ventoy, a tool that looks open source and then includes a large number of binary blobs in its repository, with no indication of how they were compiled. This is horrible security practice and for me that’s enough for me to never use it.
You can also see a discussion on the subject on HN here: https://news.ycombinator.com/item?id=40689629
A much better alternative, if you want a multi-boot USB, is GLIM: https://github.com/thias/glim
It’s just a collection of Grub configs, so very simple and easy to audit.
Thanks for bringing this up! I started a thread here for us Lemmings to discuss: https://lemmy.one/post/19193506
I get it, Ventoy is bad, but there’s no other software that’s as easy as that; me & my friends use Ventoy as a daily driver and never got any issues from it.
We already abandoned Rufus & YUMI (like Ventoy but a little bit worse; the difference is you had to unpack each ISO into a separate folder) a looooong time ago, because we work as tech guys reinstalling OSes (yes… in my country not everyone is tech savvy, even those from computer science) for many clients, & since we must have different bootable tools it’s not wise to have a separate jump drive for each tool.
@drspod @SatyrSack Ventoy has bad parts, yes, but many things either are only supported by it or rely too much on it. For example, as a sysadmin I need to have a winlol ISO at all times (even though I hate myself every time I use it), and also as an IT I need to have a MediCat USB at all times; both cannot be done with Glim, so until a better solution sees the light of day, Ventoy should remain my main tool.
So your approach to security is that you cross your fingers and hope?
@drspod more like doing countermeasures in case the worst thing happens